Esempio n. 1
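 /**
  * Set up an action recorder bound to one installed action-recorder module.
  *
  * The module name is stripped of spaces and passed through
  * xos_sanitize_string(), then combined with the extension of the running
  * script (the text after the last '.' in basename($_SERVER['PHP_SELF'])).
  * That "<module>.<ext>" string must appear in the semicolon-separated
  * MODULE_ACTION_RECORDER_INSTALLED list before anything is included or
  * instantiated.
  *
  * Security: the list lookup is the only control between request-derived
  * strings and the `include` / `new $module()` calls below. PHP_SELF can
  * carry client-supplied path info, so the lookup must stay ahead of every
  * filesystem access and must compare strictly.
  *
  * Caveat: PHP discards a constructor's return value, so each `return false`
  * only stops initialisation early. `new` still hands the caller an object,
  * with _module unset and no module instance in $GLOBALS.
  *
  * @param string          $module    Module (class) name to load.
  * @param int|string|null $user_id   Stored only when non-empty and numeric.
  * @param string|null     $user_name Stored only when non-empty.
  */
 function __construct($module, $user_id = null, $user_name = null)
 {
     $module = xos_sanitize_string(str_replace(' ', '', $module));

     // No installed-module list configured: nothing may be loaded.
     if (!defined('MODULE_ACTION_RECORDER_INSTALLED') || !xos_not_null(MODULE_ACTION_RECORDER_INSTALLED)) {
         return false;
     }

     if (!xos_not_null($module)) {
         return false;
     }

     // Build "<module>.<ext>" once; the original recomputed it for every use.
     $script_name = basename($_SERVER['PHP_SELF']);
     $module_file = $module . '.' . substr($script_name, strrpos($script_name, '.') + 1);

     // Allowlist check. Strict comparison keeps PHP's loose numeric-string
     // equality from matching an entry that is not byte-identical.
     if (!in_array($module_file, explode(';', MODULE_ACTION_RECORDER_INSTALLED), true)) {
         return false;
     }

     if (!class_exists($module)) {
         $module_path = DIR_WS_MODULES . 'action_recorder/' . $module_file;

         if (!file_exists($module_path)) {
             return false;
         }

         // NOTE(review): $_SESSION['language'] is placed into an include path
         // without validation in this method; confirm it is restricted to
         // known language directories where the session value is set.
         include DIR_FS_SMARTY . 'admin/languages/' . $_SESSION['language'] . '/modules/action_recorder/' . $module_file;
         include $module_path;
     }

     $this->_module = $module;

     if (!empty($user_id) && is_numeric($user_id)) {
         $this->_user_id = $user_id;
     }

     if (!empty($user_name)) {
         $this->_user_name = $user_name;
     }

     // The module instance is published under its own name in $GLOBALS.
     $GLOBALS[$this->_module] = new $module();
     $GLOBALS[$this->_module]->setIdentifier();
 }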
Esempio n. 2
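/**
 * Recursively normalise an input value.
 *
 * Strings are passed through stripslashes(), xos_sanitize_string() and
 * trim(). Arrays are processed element by element with their keys preserved.
 * Every other type is returned unchanged.
 *
 * Security: despite the name, nothing visible here escapes a value for SQL.
 * Unless xos_sanitize_string() does so (not visible from this function;
 * verify), callers must still use bound parameters or the driver's escaping
 * when building queries.
 *
 * @param mixed $string Scalar, array or other value taken from input.
 *
 * @return mixed The normalised value, same shape as the input.
 */
function xos_db_prepare_input($string)
{
    if (is_string($string)) {
        // NOTE(review): stripslashes() runs unconditionally, so backslashes
        // typed by the user are removed too. Presumably a leftover from
        // magic-quotes-era input handling; confirm it is still wanted.
        return trim(xos_sanitize_string(stripslashes($string)));
    }

    if (is_array($string)) {
        // foreach replaces the each()/list() loop: each() was deprecated in
        // PHP 7.2 and removed in PHP 8.0, where the old loop is a fatal error.
        foreach ($string as $key => $value) {
            $string[$key] = xos_db_prepare_input($value);
        }
    }

    return $string;
}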
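 // When the search form was submitted via POST, mirror its fields into $_GET
 // so the rest of the script reads a single source. The copied values are raw
 // request data: nothing is validated or escaped at this point, so every later
 // use of these $_GET entries must treat them as untrusted.
 if (isset($_POST['keywords'], $_POST['copid'], $_POST['_m'], $_POST['pfrom'], $_POST['pto'], $_POST['dfrom'], $_POST['dto'])) {
     $_GET['keywords'] = $_POST['keywords'];
     // 'sid' is not part of the isset() guard above, so it may be absent.
     // Read it defensively instead of raising an undefined-index notice; the
     // stored value is still null when it is missing.
     $_GET['sid'] = isset($_POST['sid']) ? $_POST['sid'] : null;
     $_GET['copid'] = $_POST['copid'];
     $_GET['_m'] = $_POST['_m'];
     $_GET['pfrom'] = $_POST['pfrom'];
     $_GET['pto'] = $_POST['pto'];
     $_GET['dfrom'] = $_POST['dfrom'];
     $_GET['dto'] = $_POST['dto'];
 }

 // A search is requested when any search field is present and the request is
 // not a return from an existing result page. The expression is already a
 // boolean, so the former "? true : false" was redundant.
 $action = (isset($_GET['keywords']) || isset($_GET['pfrom']) || isset($_GET['pto']) || isset($_GET['dfrom']) || isset($_GET['dto'])) && !isset($_GET['from_search_result']);
 $error = false;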
 if ($action) {
     $_SESSION['navigation']->remove_current_page();
     $_SESSION['navigation']->add_current_page();
     $_GET['keywords'] = xos_sanitize_string($_GET['keywords']);
     if (isset($_GET['keywords']) && empty($_GET['keywords']) && (isset($_GET['dfrom']) && (empty($_GET['dfrom']) || $_GET['dfrom'] == AS_FORMAT_STRING)) && (isset($_GET['dto']) && (empty($_GET['dto']) || $_GET['dto'] == AS_FORMAT_STRING)) && (isset($_GET['pfrom']) && !is_numeric($_GET['pfrom'])) && (isset($_GET['pto']) && !is_numeric($_GET['pto']))) {
         $error = true;
         $messageStack->add('search', ERROR_AT_LEAST_ONE_INPUT);
     } else {
         $dfrom = '';
         $dto = '';
         $pfrom = '';
         $pto = '';
         $keywords = '';
         if (isset($_GET['dfrom'])) {
             $dfrom = $_GET['dfrom'] == AS_FORMAT_STRING ? '' : $_GET['dfrom'];
         }
         if (isset($_GET['dto'])) {
             $dto = $_GET['dto'] == AS_FORMAT_STRING ? '' : $_GET['dto'];
         }